***MIKROTIK***

/ interface ipip 
add name="ipip1" mtu=1480 local-address=10.10.1.100 remote-address=10.10.1.200 comment="" disabled=no

/ ip address 
add address=10.10.1.100/24 network=10.10.1.0 broadcast=10.10.1.255 interface=WAN comment="" disabled=no 
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=LAN comment="" disabled=no 
add address=192.168.0.18/30 network=192.168.0.18 broadcast=192.168.0.18 interface=ipip1 comment="" disabled=no 
 

/ routing rip 
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 metric-bgp=1 \
    update-timer=30s timeout-timer=3m garbage-timer=2m 
/ routing rip interface 
add interface=Tunnel-1 receive=v2 send=v2 authentication=none authentication-key="" prefix-list-in="" prefix-list-out="" 
/ routing rip neighbor 
add address=172.16.0.17 
/ routing rip network 
add address=192.168.1.0/24 
add address=172.16.0.16/30 


/ ip ipsec policy 
add src-address=10.10.1.100/32:any dst-address=10.10.1.200/32:any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=no \
    sa-src-address=10.10.1.100 sa-dst-address=10.10.1.100 proposal=VPN manual-sa=none dont-fragment=clear disabled=no 
/ ip ipsec peer 
add address=10.10.1.200 secret="ipsec" generate-policy=no exchange-mode=main send-initial-contact=yes proposal-check=obey hash-algorithm=md5 \
    enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 disabled=no 
/ ip ipsec proposal 
add name="IPSec" auth-algorithms=md5 enc-algorithms=3des lifetime=30m lifebytes=0 pfs-group=modp1024 disabled=no




***CISCO***	

interface Tunnel1
 description **Cisco Peer**
 ip address 192.168.0.17 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1480
 ip rip v2-broadcast
 ip tcp adjust-mss 1400
 load-interval 30
 tunnel source 10.10.1.200
 tunnel destination 10.10.1.100
 tunnel mode ipip
 tunnel protection ipsec profile encrypt
 hold-queue 1024 in
 hold-queue 1024 out
!
router rip
 version 2
 timers basic 30 60 90 90
 redistribute connected metric 1 route-map connected-to-rip
 redistribute static metric 5 route-map static-to-rip
 network 192.168.0.0
 distribute-list prefix LAN out
 no auto-summary
!
ip prefix-list LAN seq 10 permit 192.168.2.0/24
!
route-map connected-to-rip permit 10
 match interface FastEthernet0/0
!
route-map static-to-rip permit 10
 match ip address prefix-list LAN
!
!
!
crypto ipsec security-association idle-time 600
!
crypto isakmp key ipsec address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile encrypt
 set transform-set vpn
!
crypto map vpn 1 ipsec-isakmp 
 description **To Mikrotik Peer**
 set peer 10.10.1.100
 set transform-set vpn 
 set pfs group2
 match address mikrotik_peer
!
ip access-list extended mikortik_peer
 permit ipinip host 10.10.1.200 host 10.10.1.100



